baoyu-post-to-x

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's md-to-html.ts explicitly downloads remote images over HTTPS ("Remote Images: Automatically downloaded to temp directory" and downloadFile/resolveImagePath in scripts/md-to-html.ts) and the parsed HTML and image placeholders are then used by x-article.ts to drive DOM actions (uploading images, inserting HTML, choosing cover/title), so untrusted public content from arbitrary URLs is fetched and can directly influence the agent's browser automation and next actions.